Question

I am exploring SignInManager class. But the information given on MSDN is very useless. It only tells what are the methods and properties provided.

1) What is SignInManager?
2) How to use it?
3) And I have my own database that contains credentials related info (username and passwords)

How can I use SignInManager and how to use it so my custom database is used for authenticating users?

I am using ASP.NET MVC 5 and Visual Studio 2015. In my sample project I have an accounts controller that contains action methods like

  public async Task<ActionResult> ExternalLoginCallback(string returnUrl)

But I have no idea how to use it, MSDN is completely useless to provide info on this. Any helpful links that explain it in detail because I have no idea what SignInManager is and what it's for.

Thanks

Recommended answer

Disclaimer: I am confused by the model used in ASP.NET Identity myself, and what I say is my understanding of things, which may be inaccurate (I might also be stating obvious things, so I apologize). Also, I was playing with ASP.NET Core's Identity recently, which is slightly different compared to what was available for ASP.NET 4, so I may mix things up.

ASP.NET identity operates with two kinds of cookies: Application cookie and External cookie. Application cookie contains your application's identity and is issued by sign in manager. External cookie contains external authentication provider identity and is issued by authentication middleware (such as FacebookAuthenticationMiddleware, for example). You use sign in manager to consume the external cookie and issue application cookie instead. If you don't use external authentication you don't deal with external cookies.

The class is declared like this:

public class SignInManager<TUser, TKey> : IDisposable 
    where TUser : class, IUser<TKey> 
    where TKey : IEquatable<TKey>

So you may use any class as your user as long as it implements IUser<TKey> interface. Or use IdentityUser as your base if you start from scratch, which implements IUser<string>. In the past I attempted to create an implementation that uses int as TKey, but abandoned attempt after spending quite some time trying to make it work and not seeing any progress.

SignInManager.SignInAsync method issues application cookie for the specified user right away without any checks, so if you implement any custom authentication logic, you might want to use it (default asp.net MVC template uses it after registering user so they don't have to authenticate right after registration).

SignInManager.PasswordSignInAsync, given the user name and password, checks their validity and issues the application cookie if they are correct.

Instead of having the user create a login and password for your site specifically, you might want them to use some external web site to authenticate and pass the authentication information to you with OAuth.

Asp.Net Identity has notion of User and Login, where User is... well, user (a person), and Login is the credential with which User authenticates. User might have multiple Logins.

OAuth flow as seen from Asp.Net web site looks like this (based on the default log in flow generated by VS template):

  1. You set up external authentication providers (authentication middleware) which you are willing to accept (that likely involves registering on external web site. For example, in order to use Facebook authentication you need to create Facebook app, set up return URL there to point to your web site and configure FacebookAuthenticationMiddleware with app ID and app secret Facebook provides you with).
  2. You present unauthenticated user with a choice of external providers you support.
  3. User picks a provider, the choice is sent to your Asp.Net web application
  4. Web application issues a ChallengeResult containing the name of the provider to be used (this usually happens in AccountController.ExternalLogin), return URL is set to call AccountController.ExternalLoginCallback and actual return URL user should end up in is saved for later.
  5. Appropriate middleware catches the ChallengeResult object and converts it into HTTP redirect response that causes user's browser to go to third party web site that asks user for credentials.
  6. Third party web site upon successful authentication redirects user back to your web site to the specific URL crafted by the authentication middleware (for Facebook it's /signin-facebook IIRC).
  7. Authentication middleware intercepts this call, validates the data passed by third party web site and if everything OK issues the external cookie, and redirects you to whatever was set as return URL at step 4 (which should be AccountController.ExternalLoginCallback).
  8. In AccountController.ExternalLoginCallback you are expected to consume the external cookie and issue an application cookie instead. That's what SignInManager.ExternalSignInAsync does: given the log in information it tries to find user with that Login. If it finds, it issues Application cookie; if it does not, it informs you and you should do what you think is right when you receive unknown Login (generally, you create new user at this point. Default implementation from VS template asks for additional info at this point and creates user in AccountController.ExternalLoginConfirmation). After that user is redirected to actual return URL "saved for later" in step 4.

Custom storage

I've been unsuccessful so far with creating custom storage for Asp.Net Identity. It generally involves implementing your own user manager class descending from UserManager<TUser, TKey> and a storage class implementing a bunch of interfaces like IUserStore<TUser, TKey>, IUserRoleStore<TUser, TKey>, etc.
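
Added example (not part of the original question or answer): a sketch of step 8 of the flow above for ASP.NET MVC 5 with Identity 2, showing the external cookie being consumed and the application cookie issued, with the saved return URL followed only when it is local to the site. ApplicationSignInManager, the view names, the SendCode action and the RedirectToLocal helper are assumptions modelled on the Visual Studio template.

```csharp
using System.Threading.Tasks;
using System.Web;
using System.Web.Mvc;
using Microsoft.AspNet.Identity.Owin;
using Microsoft.Owin.Security;

// Assumption: ApplicationSignInManager (a SignInManager<ApplicationUser, string>)
// is registered per OWIN context in Startup.Auth.cs, as the VS template does.
public class AccountController : Controller
{
    private ApplicationSignInManager SignInManager =>
        HttpContext.GetOwinContext().Get<ApplicationSignInManager>();

    [AllowAnonymous]
    public async Task<ActionResult> ExternalLoginCallback(string returnUrl)
    {
        // Reads the external cookie issued by the authentication middleware (step 7).
        var loginInfo = await HttpContext.GetOwinContext()
            .Authentication.GetExternalLoginInfoAsync();
        if (loginInfo == null)
        {
            return RedirectToAction("Login"); // no external identity: start over
        }

        // Looks up a user that has this Login; on success issues the application cookie.
        var result = await SignInManager.ExternalSignInAsync(loginInfo, isPersistent: false);
        switch (result)
        {
            case SignInStatus.Success:
                return RedirectToLocal(returnUrl);
            case SignInStatus.LockedOut:
                return View("Lockout");
            case SignInStatus.RequiresVerification:
                return RedirectToAction("SendCode", new { ReturnUrl = returnUrl });
            default:
                // Unknown Login: collect extra info, then create the user.
                ViewBag.ReturnUrl = returnUrl;
                return View("ExternalLoginConfirmation");
        }
    }

    // returnUrl round-trips through the browser, so follow it only when it is local.
    private ActionResult RedirectToLocal(string returnUrl)
    {
        return Url.IsLocalUrl(returnUrl)
            ? (ActionResult)Redirect(returnUrl)
            : RedirectToAction("Index", "Home");
    }
}
```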
